PRIVACY POLICY

CONFIDENTIALITY POLICY CONCERNING THE PROCESSING OF PERSONAL DATA

VESTALI guarantees the right to the protection of personal data and undertakes to process your data in full accordance with Regulation (EU) 2016/679 (“General Regulation on data protection” or “GDPR”), as well as with any other applicable legislation in Romania and the EU.

We reserve the right to periodically update and modify this Privacy Policy, to reflect any changes in the way we process your personal data or any changes to legal requirements. In the case of any such changes, we will post on our website the modified version of the Privacy Policy, which is why you should periodically check the contents of this Privacy Policy.

Who we are and how you can contact us:

VESTALI (www.vestali.eu) is the trade name of Eros Style S.R.L., having its registered office in Romania, Constanta ,900598, Ion Lahovari, 170, with order number in the Trade Register J13/2021/2007, unique fiscal registration code 21948615.

If you need any further information regarding the processing of your data, we encourage you to contact our team at info@vestali.eu.

Personal data we process

In general, we collect your personal data directly from you, so you have control over the type of information you provide us, as following:

When you create an vestali.eu account, you send us: e-mail address, first and last name;

Within your personal page (My Account) from the www.vestali.eu platform you can add additional information, such as: mobile phone number, delivery addresses;

When placing an order, please provide us with information such as: the desired product, first and last name, delivery address, billing details, payment method, telephone number, etc.

Through the page www.vestali.eu, you send us: your name, e-mail address and / or telephone number, city where you live, date of birth, favorite color and size worn.

Subscribing to the newsletter involves collecting your email address.

We may also collect and process certain information about your behavior during the visit of our website, to personalize your online experience and to offer you tailored offers to your profile. We invite you to find out more details in this regard by consulting the section regarding the purposes of processing below.

On our website we can store and collect information in cookies and similar technologies, according to the Cookies Policy.

We do not collect and otherwise process sensitive data, included in the General Regulation on data protection in special categories of personal data. Also, we do not want to collect or process data of minors who have not reached the age of 16 years.

What are the purposes and grounds for data processing

We will use your personal data for the following purposes:

To provide VESTALI services for your benefit
This general purpose may include, as appropriate, the following:

a) Creation and administration of the account within the VESTALI platform;
b) Processing of orders, including taking, validating, shipping and billing;
c) Solving cancellations or problems of any kind related to an order, to the goods or services purchased;
d) Returning the products according to the legal provisions;
e) Reimbursement of the value of the products according to the legal provisions;
f) Providing support services, including providing answers to your questions regarding your orders or VESTALI goods and services.

The processing of your data for these purposes is, in most cases, necessary for the conclusion and execution of a contract between VESTALI and you. Also, certain processing subsumed for these purposes is required by the applicable law, including tax and accounting law.

To improve our services

We always want to offer you the best online shopping experience. For this, we may collect and use certain information regarding your Buyer behavior, we may invite you to complete satisfaction questionnaires following the completion of an order or we may conduct market research and studies.

We base these activities on our legitimate interest in conducting commercial activities, always taking care that your fundamental rights and freedoms are not affected.

For marketing

We want to keep you updated on the best offers for the products / services you are interested in. In this sense, we can send you any type of message (such as: e-mail / SMS / webpush / etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information on products added in the section “My account / basket” section, as well as other commercial communications such as market research and opinion polls. To provide you with information of interest to you, we may use certain data about your buyer behavior (ex. products viewed / added to wish list / purchased) to create a profile. We always make sure that such processing is carried out in compliance with your rights and freedoms and that the decisions taken on them do not have legal effects on you and will not affect you to a significant extent.


In most cases, we base your marketing communications on your prior consent. You can change your mind and withdraw your consent at any time, by:
– Access the unsubscribe link displayed in the messages you receive from us;
– Accessing the link for updating personal data displayed in the messages received from us;
– Contacting VESTALI at the e-mail address: info@vestali.eu.
– To unsubscribe from webpush notifications, you must access the site settings section of the browser used (Google Chrome, Internet Explorer, Mozilla Firefox, etc.) and choose the block option in the notifications section.

In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures so that your fundamental rights and freedoms are not affected. However, you can request us at any time, by the means described above, to stop the processing of your personal data for marketing purposes, and to follow up your request.

Legitimate interests

There may be situations in which we will use or transmit information to protect our rights and commercial activity. These may include:
– Measures to protect the website and users of the VESTALI platform against cyber attacks;
– Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
– Measures for the management of various other risks.
The general basis of these types of processing is our legitimate interest in defending our commercial activity, being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
Also, in certain cases we start processing on legal provisions, such as the obligation to ensure the protection of goods and values ​​provided by the applicable legislation in this field.

How long we keep your personal data

We will store your personal data as long as you have an account on the VESTALI platform. You can ask us at any time to delete certain information or to close the account and we will respond to these requests, subject to keeping certain information including after closing the account, in situations where the applicable law or our legitimate interests require it.

To whom we transmit your personal data

Where appropriate, we may transmit or provide access to certain personal data of your own to the following categories of recipients:
– courier service providers;
– payment / banking service providers;
– IT service providers;
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.
We ensure that the access to your data by third parties legal persons under private law is made in accordance with the legal provisions regarding data protection and confidentiality of information, based on contracts concluded with them.
VESTALI stores and processes your personal data in Romania.

How we protect the security of your personal data

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, while ensuring data redundancy.
To make payments through the platform, we use the services of the payment processor Paypal. All payment information is encrypted using HTTPS technology with TLS 1.3 encryption.
Despite the measures taken to protect your personal data, we would like to point out that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, as there is a risk that the data may be viewed and used by third parties. unauthorized parts. We cannot be held responsible for such vulnerabilities of systems that are not under our control.

What rights do you have?

The General Data Protection Regulation will recognize a number of rights in relation to your personal data. You may request access to your data, correct any errors in our files and / or object to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to bring justice. As the case may be, you also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information on each of these rights can be obtained by consulting the section below.
In order to exercise your rights, you can contact us using the contact details set out above. Please keep the following in mind if you wish to exercise these rights:
Identity. We take seriously the confidentiality of all records that contain personal data. For this reason, please send us your requests regarding such registrations using the email address of the VESTALI account. Otherwise, we reserve the right to verify your identity by requesting additional information that aims to confirm your identity.

Fees.

We will not charge a fee to exercise any rights with respect to your personal data.

Duration of response.

We propose to respond to any valid requests within a maximum of 15 working days, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of 1 month. We will notify you if the response time exceeds 1 month. We may require further clarification to help us act faster and shorten your response time to your request.

Third party rights.

We should not comply with a request if it would adversely affect the rights and freedoms of other data subjects.
You have the following personal data rights:
a. Access to your data
You can ask us:
• to confirm if we process your personal data;
• to make available a copy of this data;
• to provide you with other information about your personal data, such as the data we have, what we use, whom we disclose, if we transfer them abroad and how we protect them, how long we keep them, what rights you have, how you can make a complaint, from where we obtained your data, to the extent that the information has not already been provided to you by this information.

b. Rectifying your data
You may ask us to rectify or supplement your inaccurate or incomplete personal data.
It is possible to try to verify the accuracy of the data before rectifying it.

c. Deleting your data
You can ask us to delete your personal data in any of the situations below:
• they are no longer necessary for the purposes for which they were collected;
• You have withdrawn your consent (if the data processing is based on your consent);
• pursue a legal right to oppose you;
• they were processed illegally;
• we have a legal obligation in this regard;

We have no obligation to comply with your request to delete your personal data if the processing of your personal data is necessary:
• for compliance with a legal obligation;
• for finding, exercising or defending a right in court.
• other circumstances in which we are not obliged to comply with your request for deletion of data.

d. Restriction of data processing
You can ask us to restrict the processing of personal data, in any of the following situations:
• their accuracy is challenged (see the rectification section), to allow us to check their accuracy;
• processing is illegal, but you do not want the data to be deleted;
• they are no longer necessary for the purposes for which they were collected, but you need them to find, exercise or defend a right in court;

• You have exercised your right to oppose, and checking whether our rights prevail is in progress.
We may continue to use your personal data following a restriction request, if:
• we have your consent;
• to ascertain, exercise or ensure the defense of a right in the court;
• to protect the rights of VESTALI or of another natural or legal person.

e. Data portability
You can ask us to provide you with your personal data in a structured, commonly used and automatically readable format, or you can request that it be “ported” directly to another data operator, but in each case only if:
• processing is based on your consent or the conclusion or execution of a contract with you;
and
• processing is done by automatic means.

f. Opposition
You may object at any time, for reasons related to the particular situation in which you are, to the processing of your personal data based on our legitimate interest, if you consider that your fundamental rights and freedoms prevail over that interest.
Also, you can oppose at any time the processing of your data for the purpose of direct marketing (including the creation of profiles), without invoking any reason, in which case we will stop this processing as soon as possible.

g. Automatic decision making
You can ask not to be the subject of a decision based solely on automatic processing, but only when that decision:
• it produces legal effects on you or it affects you in a similar way and to a significant extent.

This right does not apply if the decision reached after the automatic processing:
a. it is necessary for us to conclude or carry out a contract with you;
b. it is authorized by law and there are adequate guarantees for your rights and freedoms.
c. is based on your explicit consent.

h. Complaints
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are the following:

National Supervisory Authority for Personal Data Processing
G-ral Boulevard. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania
Phone: +40.318.059.211 or +40.318.059.212;
E-mail: anspdcp@dataprotection.ro
Without affecting your right to contact the supervisory authority at any time, please contact us in advance, and we promise that we will make every effort to resolve any problem amicably.

We remind you that you can contact us at any time with data protection by sending your request through any of the following ways:
– by e-mail at: info@vestali.eu or
– by phone number: +40.741.565.758